DETAILED ACTION 

1. Claims 1-27 are presented for examination. 

Claim Rejections - 35 USC §101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 13-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. The claims are directed to a signal directly or indirectly by 
claiming a medium and the Specification recites evidence where the computer readable medium 
is defined as a "wave" (such as a carrier wave) (see specification, page 35, paragraph 86). In that 
event, the claims are directed to a form of energy which at present the office feels does not fall 
into a category of invention. 

See MPEP 2106. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

4. Claim 9 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

Claim 9 recites the limitation "the second communications object" in lines 1-2. There is 
insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1-2, 5-7, 12-14, 17-19, 24-25 and 27 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Berger et al. (U.S. 2003/0014466 A1) in view of Stevens (Advanced 
Programming in the UNIX Environment). 

As to claim 1, Berger teaches a method comprising: in a global operating system 
environment controlled by a single operating system kernel instance (a trusted Linux host OS, a 
base Linux kernel 400; page 5, paragraph 46), establishing a non-global zone for isolating 
processes from processes in other non-global zones (WEB compartment 401, FTP compartment 
402, and SYSTEM compartment 403; page 5, paragraph 46 and each process within the system 
... from another compartment; page 4, paragraph 41), wherein the non-global zone has a unique 
zone identifier (user-friendly names ... respective number that is used for internal processing by 
system 400; page 5, paragraph 48), processes from one non-global zone cannot interfere with 
processes from other non-global zones (page 2, paragraph 18, page 3, paragraph 35 and page 
4, paragraph 41), the processes of the non-global zones are limited to accessing system resources 
according to rules stored in a rule database (page 5, paragraph 47), processes in non-global zones 
make IPC requests to access resources or communicate with other processes (page 7, paragraph 82 
- page 8, paragraph 95), each process has a label attached indicating the non-global zone to which 
the process belongs (page 9, paragraph 118), and tagging individual kernel resources (page 6, 
paragraphs 58-59). 

Although Berger does not explicitly teach receiving from a first process executing in 
association with the non-global zone a first request to create a communications object, in 
response to receiving the first request, creating a communications object, wherein the 
communications object has the unique zone identifier of the first process associated therewith, 
receiving from a second process a second request to initiate communications using the 
communications object, in response to receiving the second request, determining if the second 
process is associated with the non-global zone having the unique zone identifier of the 
communications object, and denying the second request if the second process is not associated 
with the non-global zone having the unique zone identifier of the communications object, Berger 
already teaches that processes executing in one non-global zone cannot access other processes or 
resources of another non-global zone (page 2, paragraph 18, page 3, paragraph 35 and page 4, 
paragraph 41), and that requests to communicate with other processes or access resources of another 
non-global zone are denied (page 6, paragraph 50). Stevens teaches a first process requesting to 
create a communications object (calls pipe; page 429), and the kernel creating a pipe in response to 
the request (see Fig. 14.3). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to apply the teaching of Stevens to the system of Berger for the full understanding of 
how processes in each non-global zone can make system calls/requests utilizing IPC means (see Berger, 
page 5, paragraph 46 and page 7, paragraphs 83-90). 

As to claim 2, Berger as modified teaches permitting the second request if the second 
process is associated with the non-global zone having the same unique zone identifier of the 
communications object (grant communication access; page 6, paragraph 50). 

As to claim 5, Berger teaches wherein establishing a non-global zone for isolating 
processes from processes in other non-global zones further comprises: 

- creating a non-global zone (implements compartments to provide containment; page 5, 
paragraph 46), 

- associating a unique identifier with the non-global zone (user-friendly name, a 
respective number; page 5, paragraph 48), and 

- creating a data structure for managing information about communications objects 
associated with the non-global zone (Each tagged data type ... kernel resources; page 5, 
paragraphs 58-59). 

As to claim 6, Berger teaches receiving from a second process a request to initiate 
communications using the communications object comprises receiving a request from a 
requestor process in a first non-global zone to communicate with a recipient process in a second 
non-global zone (process may include code ... resource; pages 5-6, paragraph 50 and what an 
end-user ... several compartments; page 6, paragraph 63), the method further comprising: 

- retrieving credentials for the requestor process, the credentials comprising a zone 
identifier indicating a non-global zone to which the requestor process is bound (at appropriate 
points in the kernel, access-control checks are performed, consults a table of rules indicating 
which compartments are allowed to access the resources of another compartment; page 7, 
paragraph 82), 

- verifying that the requestor process is authorized to communicate with the recipient 
process across a non-global zone boundary based upon the credentials (access control logic ... is 
permitted to access to the particular resource; page 6, paragraph 50), and 

- establishing a communication path between the requestor process and the recipient 
process via the global operating system environment if the requestor process is authorized 
(depending on the rules ... access control logic may grant communication access to process 503; 
page 5, paragraph 50, and flexible communication paths between compartments ... most IPC 
mechanism; page 4, paragraph 43). 

As to claim 7, Stevens teaches wherein the communications object comprises at least one 
of a loopback transport provider, a semaphore, a shared memory segment, a message queue and 
an event channel (see fig. 14-1, page 427). 

As to claim 12, see rejections of claims 1-2 above. 

As to claim 13, it is the same as the method claim of claim 1 except it is a computer 
product claim, and is rejected under the same ground of rejection. 

As to claims 14 and 17-19, see rejections of claims 2 and 5-7 above. 

As to claim 24, it is the same as the method claim of claim 12 except it is a computer 
product claim, and is rejected under the same ground of rejection. 

As to claim 25, it is the same as the method claim of claim 1 except it is an apparatus 
claim, and is rejected under the same ground of rejection. 

As to claim 27, it is the same as the method claim of claim 12 except it is an apparatus 
claim, and is rejected under the same ground of rejection. 

7. Claims 3-4 and 15-16 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Berger et al. (U.S. 2003/0014466 A1) in view of Stevens (Advanced Programming in 
the UNIX Environment) further in view of Kamp et al. (Jails: Confining the omnipotent 
root). 

As to claim 3, Berger as modified teaches wherein the communications object has an 
object identifier, and wherein creating a communications object further comprises: 

- creating a communications object having a communications object identifier (see 
Stevens: A pipe is created by calling the pipe function, int pipe (int fields[2]); page 428, section 
14.2), 

- associating a zone identifier of the requesting process with the communications object 
(see Berger: introduce a tag on various data types, compartment number, tagging individual 
kernel resources; page 6, paragraphs 58-59), 

- storing the communications object identifier and the zone identifier in a structure for 
managing communications objects in the non-global zone comprising the first process (see 
Berger: struct scecinfo data-member ... data structure; page 6, paragraph 58), 

Berger and Stevens do not teach enabling a first communications object in a first 
non-global zone and a second communications object in a second non-global zone to use identical 
communications object identifiers. However, Kamp teaches that collisions of identifiers occur in 
the Jails environment (pages 8-9, section 7.3 'Jail Management'). Thus, communications objects 
in different non-global zones can use the same object identifier. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to apply the teaching of Kamp to the system of Berger and Stevens because Kamp 
teaches identifier collisions in a system with multiple non-global zones, which 
administrators should understand in order to avoid the confusion and unintended consequences 
that may result (page 9, first paragraph). 

As to claim 4, Stevens teaches wherein the communications object identifier comprises at 
least one of an address, a socket identifier, a port, a flex address, a semaphore identifier, a 
message queue identifier, a shared memory segment identifier, a pipe and a stream identifier (see 
Fig. 14.1, page 427). 

As to claims 15-16, see rejections of claims 3-4 above. 

8. Claims 8-11, 20-23 and 26 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Berger et al. (U.S. 2003/0014466 A1) in view of Stevens (Advanced Programming in 
the UNIX Environment) further in view of Kamp et al. (Jails: Confining the omnipotent 
root) and Presotto et al. (Interprocess Communication in the Ninth Edition Unix System). 

As to claim 8, see rejection of claim 1 above. Berger teaches establishing access 
permissions for the file system locations (page 5, paragraph 49 and page 7, paragraphs 93-90). 

Berger and Stevens do not teach mounting a file system to a global file system of the 
global operating system environment at a point accessible by processes in one non-global zone, 
establishing a file system location in the file system of the non-global zone, establishing a 
communications object within the file system location. However, Kamp teaches mounting a file 
system to a global file system of the global operating system environment at a point accessible 
by processes in one non-global zone (mounting a process file system for the jail; page 8, 
paragraphs 7.2 & 7.3), establishing a file system location in the file system of the non-global 
zone (mounting a process file system for the jail; page 8, paragraphs 7.2 and 7.3). Presotto 
teaches that a file system is used for inter-process communication (pages 3-4, section 'File System'). 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to apply the teaching of Kamp and Presotto to the system of Berger and Stevens 
because Kamp and Presotto provide a method for communication in the jail system utilizing a file 
system. 

As to claim 9, Stevens teaches wherein the first communications object and the second 
communications object employ at least one of a pipe, a stream, a socket, a POSIX inter-process 
communications and a doors interface (see fig. 14-1, page 427). 

As to claim 10, see rejection of claim 6 above. 

As to claim 11, Stevens teaches wherein the first process in the first non-global zone 
communicates with the second process in the second non-global zone using at least one of an 
event channel and a doors interface (Fig. 14.1, page 427). 

As to claim 20, it is the same as the method claim of claim 8 except it is a computer 
product claim, and is rejected under the same ground of rejection. 

As to claims 21-23, see rejections of claims 9-11 above. 

As to claim 26, it is the same as the method claim of claim 8 except it is an apparatus 
claim, and is rejected under the same ground of rejection. 



9. 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See PTO 892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Diem K. Cao whose telephone number is (571) 272-3760. The 
examiner can normally be reached on Monday - Friday, 8:30AM - 4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Thomson can be reached on (571) 272-3718. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




